[CENTOS] Transfer network device logs to syslog server and manage generations with logrotate

Overview

Logs from network switches such as the Cisco Catalyst 2960X are forwarded to a syslog server, and the received logs are managed with logrotate on the syslog server side. As a bonus, a sample Python script that generates the logrotate configuration files is also included.

Environment

The assumed environment is as follows.

- Catalyst 2960X (WS-C2960X-48TD-L), IOS Version 15.2(4)E5
- CentOS Linux release 7.5.1804 (Core)
  - logrotate-3.8.6-15.el7
  - rsyslog-8.24.0-16.el7
- Python 2.7.5

IP addresses

- Switch: 192.168.1.1
- Syslog server: 192.168.1.100

In the following explanation, it is assumed that the above environment has already been built.

Settings on the Catalyst switch side

After logging in to the Catalyst switch, switch to privileged mode and global configuration mode. Set the log transfer to the syslog server with the following command.

switch1(config)#logging host 192.168.1.100

Syslog server side settings

firewalld settings

Open the syslog service port with firewall-cmd.

# firewall-cmd --add-service=syslog --zone=public
# firewall-cmd --add-service=syslog --zone=public --permanent

rsyslog settings

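Logs sent from the switch are assumed to be saved under /var/log/networkdevices, in a directory named after the switch IP address, in a file named the switch IP address + ".log".

Add the following settings to #### TEMPLATES #### in /etc/rsyslog.conf. The template only defines the destination path; for remote logs to be written there, rsyslog must also be receiving syslog from the network and a rule must reference the RemoteHost template.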

#### TEMPLATES ####
$template RemoteHost,"/var/log/networkdevices/%fromhost%/%fromhost%.log"

Also, create the /var/log/networkdevices/ directory.

# mkdir /var/log/networkdevices

logrotate settings

Configure the file /var/log/networkdevices/Switch IP/Switch IP.log to be compressed and rotated.

Create a file named the switch IP under /etc/logrotate.d/ with the following contents.

# pwd
/etc/logrotate.d

# vi 192.168.1.1
/var/log/networkdevices/192.168.1.1/192.168.1.1.log {
        daily
        rotate 31
        compress
        delaycompress
        missingok
        notifempty
        create 0664 root root
}

This compresses the 192.168.1.1.log file and rotates it through 31 generations.

Bonus

This is an example of a Python program that reads a text file containing a list of IP addresses line by line and generates a logrotate configuration file for each one.

list.txt


192.168.1.1
192.168.2.1
・ ・ ・

sample01.py


#!/usr/bin/env python
# Generate one logrotate configuration file per switch IP listed in list.txt.

with open('list.txt', 'r') as f:
    for line in f:
        af = line.strip()
        if not af:
            # Skip blank lines: an empty name would point at the
            # /etc/logrotate.d/ directory itself and open() would fail.
            continue

        # The configuration file is named after the switch IP address.
        path = '/etc/logrotate.d/' + af

        with open(path, 'w') as outp:
            outp.write("/var/log/networkdevices/" + af + "/" + af + ".log {\n")
            outp.write("\tdaily\n")
            outp.write("\trotate 31\n")
            outp.write("\tcompress\n")
            outp.write("\tdelaycompress\n")
            outp.write("\tmissingok\n")
            outp.write("\tnotifempty\n")
            outp.write("\tcreate 0664 root root\n")
            outp.write("}\n")
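A hardened variant of the generator above, as an added example that is not part of the original post: the script runs as root and builds a file path from each list line, so a line is accepted only if it is a plain IPv4 address and everything else is reported instead of written. It assumes Python 3 (for the ipaddress module); the function names and the out_dir parameter are introduced here for illustration.

```python
#!/usr/bin/env python3
# Added example (not the original author's code). Assumes Python 3.
import ipaddress
import os
import tempfile

# Same logrotate settings as the stanza shown on this page.
STANZA = (
    "/var/log/networkdevices/{ip}/{ip}.log {{\n"
    "\tdaily\n\trotate 31\n\tcompress\n\tdelaycompress\n"
    "\tmissingok\n\tnotifempty\n\tcreate 0664 root root\n}}\n"
)


def parse_ip(line):
    """Return the dotted-quad address on this line, or None if it is not one."""
    text = line.strip()
    try:
        ip = str(ipaddress.IPv4Address(text))
    except ValueError:
        return None
    # Require an exact round trip, so "192.168.01.5" or a path-like
    # string can never become a file name.
    return ip if ip == text else None


def generate(list_lines, out_dir):
    """Write one config per valid address; return (written, rejected)."""
    written, rejected = [], []
    for line in list_lines:
        if not line.strip():
            continue  # blank line
        ip = parse_ip(line)
        if ip is None:
            rejected.append(line.strip())
            continue
        target = os.path.join(out_dir, ip)
        with open(target, "w") as out:
            out.write(STANZA.format(ip=ip))
        # Keep the config readable but not group- or world-writable.
        os.chmod(target, 0o644)
        written.append(target)
    return written, rejected


if __name__ == "__main__":
    # Constructed sample input; a real run would pass open('list.txt')
    # and '/etc/logrotate.d' (hypothetical invocation).
    sample = ["192.168.1.1\n", "\n", "../192.168.3.1\n", "192.168.2.1\n"]
    print(generate(sample, tempfile.mkdtemp()))
```

Rejected lines are returned rather than silently skipped, so a typo in list.txt shows up as a missing rotation rule at generation time.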
